On Sun, 06 Feb 2005 14:17:31 -0500, Robert L Cochran <cochranb@xxxxxxxxxxxxx> wrote:
> Felipe Alfaro Solana wrote:
>
> > On 6 Feb 2005, at 18:54, Robert L Cochran wrote:
> >
> >> I'm trying to allow my print server on 192.168.1.160 to communicate
> >> with my machine. Otherwise, I don't seem able to print to my
> >> Laserjet. It seems to be doing that by sending TCP packets to port
> >> 1023. So I added this rule to my firewall:
> >>
> >> -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport
> >> 1023 -j ACCEPT
> >>
> >> But the packets still get rejected:
> >>
> >> Feb 6 12:26:04 bobcp4 kernel: Packet dropped..IN=eth1 OUT=
> >> MAC=00:11:09:61:11:6b:00:c0:02:55:52:55:08:00 SRC=192.168.1.160
> >> DST=192.168.1.14 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=34854 PROTO=TCP
> >> SPT=515 DPT=1023 WINDOW=1024 RES=0x00 ACK PSH SYN URGP=0
> >>
> >> I also had 2 other rules:
> >>
> >> # -A RH-Firewall-1-INPUT -s 192.168.1.160 -p tcp -m state --state
> >> NEW,ESTABLISHED,RELATED -j ACCEPT
> >> # -A RH-Firewall-1-INPUT -s 192.168.1.160 -p udp -m state --state
> >> NEW,ESTABLISHED,RELATED -j ACCEPT
> >>
> >> They are shown commented out, but when I uncommented them the effect
> >> was the same as above: again the packets were rejected and nothing
> >> printed. Any idea of what I am doing wrong? Port 631 is open.
> >
> >
> > Where did you insert your rule? Make sure there is no DENY ALL rule
> > before the one you added. It's very common in firewall rulesets to end
> > the set with a DENY ALL rule. Thus, any rule you append will be useless.
> >
> There is indeed a global REJECT rule at the end of this chain. But I
> added the rule near the start of the chain. There must be something I'm
> missing here about the state of the packets.
>
> Bob
>
If your printer is using a JetDirect interface the port is 9100.
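
An added example, not part of the original thread: a small Python parser for the kernel LOG line quoted above that reads the TCP flags and works out which endpoint opened the connection, which is the first thing to establish before writing a `--state NEW --dport` rule for it. The function names are hypothetical; the log line is copied from the post.

```python
import re

# Log line copied from the quoted post (output of the netfilter LOG target).
LOG_LINE = (
    "Feb 6 12:26:04 bobcp4 kernel: Packet dropped..IN=eth1 OUT= "
    "MAC=00:11:09:61:11:6b:00:c0:02:55:52:55:08:00 SRC=192.168.1.160 "
    "DST=192.168.1.14 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=34854 PROTO=TCP "
    "SPT=515 DPT=1023 WINDOW=1024 RES=0x00 ACK PSH SYN URGP=0"
)

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}


def parse_netfilter_log(line):
    """Return (fields, flags): KEY=value pairs and the bare TCP flag tokens."""
    start = re.search(r"\bIN=", line)  # the log prefix is glued onto IN=
    if start is None:
        raise ValueError("not a netfilter LOG line")
    fields, flags = {}, set()
    for token in line[start.start():].split():
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value
        elif token in TCP_FLAGS:
            flags.add(token)
    return fields, flags


def handshake_role(flags):
    """Classify a segment by its place in the TCP three-way handshake."""
    if "RST" in flags:
        return "reset"
    if "SYN" in flags:
        return "syn-ack" if "ACK" in flags else "syn"
    return "other"


def connection_direction(line):
    """Report who initiated and who listens, judged from one logged segment."""
    fields, flags = parse_netfilter_log(line)
    role = handshake_role(flags)
    src = (fields["SRC"], int(fields["SPT"]))
    dst = (fields["DST"], int(fields["DPT"]))
    if role == "syn":        # sender is asking to open a connection
        return {"role": role, "initiator": src, "listener": dst}
    if role == "syn-ack":    # sender is a listener answering the receiver's SYN
        return {"role": role, "initiator": dst, "listener": src}
    return {"role": role, "initiator": None, "listener": None}


if __name__ == "__main__":
    print(connection_direction(LOG_LINE))
```

For the logged packet this reports a SYN-ACK sent by 192.168.1.160 port 515 to 192.168.1.14 port 1023, that is, a reply from the print server's port 515 rather than a connection request arriving at port 1023.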